From 1bf7470fc61db9ce3924b1e2c245d46120feb355 Mon Sep 17 00:00:00 2001 From: Cody Oss Date: Thu, 22 May 2025 10:47:55 -0500 Subject: [PATCH 1/4] fix(internaloption): AuthCreds should honor WithoutAuthentication In this case the function will return a nil error and a nil credential. This API is currently only used by storage, whom have asked for this usage change. Also, fixed godoc that was not rendering properly before. Internal Bug: 419426629 --- internal/creds.go | 3 +++ internal/creds_test.go | 14 ++++++++++++++ option/internaloption/internaloption.go | 21 +++++++++++---------- 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/internal/creds.go b/internal/creds.go index 86861e24383..d4ccbd257b0 100644 --- a/internal/creds.go +++ b/internal/creds.go @@ -48,6 +48,9 @@ func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) { // options. If there are no applicable options, then it returns the result of // [cloud.google.com/go/auth/credentials.DetectDefault]. func AuthCreds(ctx context.Context, settings *DialSettings) (*auth.Credentials, error) { + if settings.NoAuth { + return nil, nil + } if settings.AuthCredentials != nil { return settings.AuthCredentials, nil } diff --git a/internal/creds_test.go b/internal/creds_test.go index 69f0a1f505c..1cea8e910cf 100644 --- a/internal/creds_test.go +++ b/internal/creds_test.go @@ -645,3 +645,17 @@ func TestIsSelfSignedJWTFlow(t *testing.T) { } } } + +func TestNewAuth_NoAuth(t *testing.T) { + ctx := context.Background() + ds := &DialSettings{ + NoAuth: true, + } + creds, err := AuthCreds(ctx, ds) + if err != nil { + t.Fatalf("got %v, want nil error", err) + } + if creds != nil { + t.Fatalf("got %v, want nil creds", creds) + } +} diff --git a/option/internaloption/internaloption.go b/option/internaloption/internaloption.go index 18fec9c984a..931f093d89a 100644 --- a/option/internaloption/internaloption.go +++ b/option/internaloption/internaloption.go @@ -289,21 +289,22 @@ func GetLogger(opts []option.ClientOption) *slog.Logger { // options provided via [option.ClientOption], including legacy oauth2/google // options, in this order: // -// * [option.WithAuthCredentials] -// * [option/internaloption.WithCredentials] (internal use only) -// * [option.WithCredentials] -// * [option.WithTokenSource] +// - [option.WithoutAuthentication] +// - [option.WithAuthCredentials] +// - [WithCredentials] (internal use only) +// - [option.WithCredentials] +// - [option.WithTokenSource] // // If there are no applicable credentials options, then it passes the // following options to [cloud.google.com/go/auth/credentials.DetectDefault] and // returns the result: // -// * [option.WithAudiences] -// * [option.WithCredentialsFile] -// * [option.WithCredentialsJSON] -// * [option.WithScopes] -// * [option/internaloption.WithDefaultScopes] (internal use only) -// * [option/internaloption.EnableJwtWithScope] (internal use only) +// - [option.WithAudiences] +// - [option.WithCredentialsFile] +// - [option.WithCredentialsJSON] +// - [option.WithScopes] +// - [WithDefaultScopes] (internal use only) +// - [EnableJwtWithScope] (internal use only) // // This function should only be used internally by generated clients. This is an // EXPERIMENTAL API and may be changed or removed in the future. From 3758e8dce4f352800974700255f566e0386dca1b Mon Sep 17 00:00:00 2001 From: Cody Oss Date: Thu, 22 May 2025 12:59:49 -0500 Subject: [PATCH 2/4] docs --- internal/creds.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/creds.go b/internal/creds.go index d4ccbd257b0..785ec7e005a 100644 --- a/internal/creds.go +++ b/internal/creds.go @@ -47,6 +47,8 @@ func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) { // options provided via [option.ClientOption], including legacy oauth2/google // options. If there are no applicable options, then it returns the result of // [cloud.google.com/go/auth/credentials.DetectDefault]. +// Note: If NoAuth is true(when option.WithoutAuthentication is passed), then no +// authentication will be performed and this function will return nil, nil. func AuthCreds(ctx context.Context, settings *DialSettings) (*auth.Credentials, error) { if settings.NoAuth { return nil, nil From 5a70b7c592e7a41a799871a0c91a02368d88b4a6 Mon Sep 17 00:00:00 2001 From: Cody Oss <6331106+codyoss@users.noreply.github.com> Date: Tue, 27 May 2025 13:34:29 -0500 Subject: [PATCH 3/4] Update internal/creds.go Co-authored-by: Noah Dietz --- internal/creds.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/creds.go b/internal/creds.go index 785ec7e005a..018183e66f3 100644 --- a/internal/creds.go +++ b/internal/creds.go @@ -47,7 +47,7 @@ func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) { // options provided via [option.ClientOption], including legacy oauth2/google // options. If there are no applicable options, then it returns the result of // [cloud.google.com/go/auth/credentials.DetectDefault]. -// Note: If NoAuth is true(when option.WithoutAuthentication is passed), then no +// Note: If NoAuth is true (when option.WithoutAuthentication is passed), then no // authentication will be performed and this function will return nil, nil. func AuthCreds(ctx context.Context, settings *DialSettings) (*auth.Credentials, error) { if settings.NoAuth { From 779389db1ec1ae49233adea91be6e4a6c4c72cf3 Mon Sep 17 00:00:00 2001 From: Cody Oss Date: Tue, 27 May 2025 13:37:32 -0500 Subject: [PATCH 4/4] links --- internal/creds.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/creds.go b/internal/creds.go index 018183e66f3..92bb42c3215 100644 --- a/internal/creds.go +++ b/internal/creds.go @@ -47,8 +47,9 @@ func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) { // options provided via [option.ClientOption], including legacy oauth2/google // options. If there are no applicable options, then it returns the result of // [cloud.google.com/go/auth/credentials.DetectDefault]. -// Note: If NoAuth is true (when option.WithoutAuthentication is passed), then no -// authentication will be performed and this function will return nil, nil. +// Note: If NoAuth is true, when [google.golang.org/api/option.WithoutAuthentication] +// is passed, then no authentication will be performed and this function will +// return nil, nil. func AuthCreds(ctx context.Context, settings *DialSettings) (*auth.Credentials, error) { if settings.NoAuth { return nil, nil